diff --git a/modules/casserver/www/serviceValidate.php b/modules/casserver/www/serviceValidate.php
index 823f5922245fe4fc75ead5c361fbbceb417c0eab..a80922557ee1fcf5835c20d9cbdd0fd74d68e363 100644
--- a/modules/casserver/www/serviceValidate.php
+++ b/modules/casserver/www/serviceValidate.php
@@ -54,15 +54,15 @@ function returnResponse($value, $content = '', $attributes = array()) {
 	if ($value === 'YES') {
 		$attributesxml = "";
 		foreach ($attributes as $attributename => $attributelist) {
-			$attr = htmlentities($attributename);
+			$attr = htmlspecialchars($attributename);
 			foreach ($attributelist as $attributevalue) {
-				$attributesxml .= "<cas:$attr>" . htmlentities($attributevalue) . "</cas:$attr>\n";
+				$attributesxml .= "<cas:$attr>" . htmlspecialchars($attributevalue) . "</cas:$attr>\n";
 			}
 		}
 		if (sizeof($attributes)) $attributesxml = '<cas:attributes>' . $attributesxml . '</cas:attributes>';
 		echo '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
     <cas:authenticationSuccess>
-	<cas:user>' . htmlentities($content) . '</cas:user>' .
+	<cas:user>' . htmlspecialchars($content) . '</cas:user>' .
 	$attributesxml .
     '</cas:authenticationSuccess>
 </cas:serviceResponse>';
diff --git a/modules/core/templates/show_metadata.tpl.php b/modules/core/templates/show_metadata.tpl.php
index bdef18d8a0a96f214b46f3b07d64a8e274ffeb09..6f6782f664c96f7616ecb290639a316ccb2777c3 100644
--- a/modules/core/templates/show_metadata.tpl.php
+++ b/modules/core/templates/show_metadata.tpl.php
@@ -7,7 +7,7 @@ $this->includeAtTemplateBase('includes/header.php');
 
 echo('<pre style="font-size: 110%">');
 
-echo(htmlentities(var_export($this->data['m'])));
+echo(htmlspecialchars(var_export($this->data['m'])));
 
 echo('</pre>');
 
diff --git a/modules/saml2debug/www/debug.php b/modules/saml2debug/www/debug.php
index d707fea02cb2dd50919496b72d287bb91ae27ff3..0d1afa7b5e743e664f40d546ea78b6d0aa89764a 100644
--- a/modules/saml2debug/www/debug.php
+++ b/modules/saml2debug/www/debug.php
@@ -32,7 +32,7 @@ function decode($raw) {
 	if ($gzinflated != FALSE) {
 		$base64decoded = $gzinflated;
 	}
-	$decoded = htmlentities($base64decoded);
+	$decoded = htmlspecialchars($base64decoded);
 	return $decoded;
 }
 
diff --git a/modules/statistics/templates/statistics-tpl.php b/modules/statistics/templates/statistics-tpl.php
index 6bc4db889ef01dc1d22da3871f921bb0516bcf63..6fe94a4de66a8483f51cfecd216b77002ace152a 100644
--- a/modules/statistics/templates/statistics-tpl.php
+++ b/modules/statistics/templates/statistics-tpl.php
@@ -133,9 +133,9 @@ foreach ($this->data['availdelimiters'] AS $key => $delim) {
 	if ($key == '_') {
 		echo '<option value="_">Total</option>';
 	} elseif (isset($_REQUEST['d']) && $delim == $_REQUEST['d']) {
-		echo '<option selected="selected" value="' . htmlentities($delim) . '">' . htmlspecialchars($delimName) . '</option>';
+		echo '<option selected="selected" value="' . htmlspecialchars($delim) . '">' . htmlspecialchars($delimName) . '</option>';
 	} else {
-		echo '<option  value="' . htmlentities($delim) . '">' . htmlspecialchars($delimName) . '</option>';
+		echo '<option  value="' . htmlspecialchars($delim) . '">' . htmlspecialchars($delimName) . '</option>';
 	}
 }
 echo '</select></form>';
diff --git a/templates/httpredirect-debug.php b/templates/httpredirect-debug.php
index 065857f48c0ab225752bb6442257725b0bc03b5d..62fa382c6e7b31b02defd4d7bf453acff319fa47 100644
--- a/templates/httpredirect-debug.php
+++ b/templates/httpredirect-debug.php
@@ -7,7 +7,7 @@
 
 	<p><?php echo($this->t('{admin:debug_sending_message_text_link}')); ?></p>
 	
-	<p>[ <a id="sendlink" href="<?php echo htmlentities($this->data['url']); ?>"><?php echo($this->t('{admin:debug_sending_message_send}')); ?></a> ]</p>
+	<p>[ <a id="sendlink" href="<?php echo htmlspecialchars($this->data['url']); ?>"><?php echo($this->t('{admin:debug_sending_message_send}')); ?></a> ]</p>
 	
 	<h2><?php echo($this->t('{admin:debug_sending_message_msg_title}')); ?></h2>
 	
diff --git a/templates/metadata.php b/templates/metadata.php
index 48bc4612827926f7fd56f52ea912f538ea6846cb..3e39b36de5ddd198546fc013eac944d687ac393b 100644
--- a/templates/metadata.php
+++ b/templates/metadata.php
@@ -68,7 +68,7 @@ $this->includeAtTemplateBase('includes/header.php');
 			} else {
 				
 				echo '<div style="border: 1px solid #444; margin: .5em 2em .5em 2em; padding: .5em 1em 1em 1em; background: #FFFFCC">';
-				echo '	<a href="' . htmlentities($this->data['adminlogin']) . '">';
+				echo '	<a href="' . htmlspecialchars($this->data['adminlogin']) . '">';
 				echo $this->t('metadata_send_adminlogin');
 				echo '	</a>';
 				echo '</div>';
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 75ad959c3fedbddca3ac060c55aaa15dfaf65995..965fa39144bc1eaae94358696f58f49ca7499839 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -84,8 +84,8 @@ try {
 
 		$t->data['header'] = 'saml20-idp';
 		$t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();
-		$t->data['metadata'] = htmlentities($metaxml);
-		$t->data['metadataflat'] = htmlentities($metaflat);
+		$t->data['metadata'] = htmlspecialchars($metaxml);
+		$t->data['metadataflat'] = htmlspecialchars($metaflat);
 		$t->data['defaultidp'] = $defaultidp;
 		$t->show();
 
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index b005273539298ba2e4e8b748dd5fb01c5171d949..a6417015600015d9b2ed21e7b1f5099500d1490f 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -114,7 +114,7 @@ try {
 
 <p>Metadata was sent to you from a simpleSAMLphp SAML 2.0 Service Provider. The service provider requests to connect to the following Identity Provider: 
 	<ul>
-		<li><tt>' . htmlentities($_POST['sendtoidp']) . '</tt></li>
+		<li><tt>' . htmlspecialchars($_POST['sendtoidp']) . '</tt></li>
 	</ul>
 </p>
 
@@ -123,16 +123,16 @@ try {
 
 <p>Links to metadata at service provider
 <ul>
-	<li><a href="' . htmlentities(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xhtml'))) . '">SimpleSAMLphp Metadata page</a></li>
-	<li><a href="' . htmlentities(SimpleSAML_Utilities::selfURLNoQuery()) . '">SimpleSAMLphp Metadata (XML only)</a></li>
+	<li><a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURLNoQuery(), array('output' => 'xhtml'))) . '">SimpleSAMLphp Metadata page</a></li>
+	<li><a href="' . htmlspecialchars(SimpleSAML_Utilities::selfURLNoQuery()) . '">SimpleSAMLphp Metadata (XML only)</a></li>
 </ul>
 </p>
 
 <p>SAML 2.0 XML Metadata :</p>
-<pre>' . htmlentities($metaxml) . '</pre>
+<pre>' . htmlspecialchars($metaxml) . '</pre>
 
 <p>Metadata in SimpleSAMLphp format :</p>
-<pre>' . htmlentities($metaflat) . '</pre>
+<pre>' . htmlspecialchars($metaflat) . '</pre>
 
 <p>SimpleSAMLphp version: ' . $config->getVersion() . '</p>
 
@@ -159,8 +159,8 @@ try {
 		$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
 	
 		$t->data['header'] = 'saml20-sp';
-		$t->data['metadata'] = htmlentities($metaxml);
-		$t->data['metadataflat'] = htmlentities($metaflat);
+		$t->data['metadata'] = htmlspecialchars($metaxml);
+		$t->data['metadataflat'] = htmlspecialchars($metaflat);
 		$t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();
 		
 		$t->data['idpsend'] = $idpsend;